If you’ve got software that lets you leverage tools like a risk matrix, that’s great. The key is to use those tools within the larger context of a closed-loop risk management process.
Key steps in the process include:
- Hazard identification
- Risk assessment
- Control implementation
- Monitoring
- Making adjustments
These steps fit into the plan-do-check-act approach to continuous improvement. Seen this way, risk management isn’t an isolated activity, but rather a closed-loop process that ensures continuous risk reduction.
In practical terms, this means it’s not enough to do a risk assessment on a nonconformance and then mark it done once the corrective action is complete. You have to find out whether that action was actually effective. If it wasn’t, you need to feed it back into the start of the cycle.